
IBM Maximo Asset Management Information Disclosure - XML External Entity Injection

ID: CVE-2020-4463

Severity: high

Author: dwisiswant0

Tags: cve,cve2020,ibm,xxe,disclosure

IBM Maximo Asset Management is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

id: CVE-2020-4463

info:
  name: IBM Maximo Asset Management Information Disclosure - XML External Entity Injection
  author: dwisiswant0
  severity: high
  description: |
    IBM Maximo Asset Management is vulnerable to an
    XML external entity injection (XXE) attack when processing XML data.
    A remote attacker could exploit this vulnerability to expose
    sensitive information or consume memory resources.
  impact: |
    The vulnerability can lead to unauthorized access to sensitive information or a denial of service.
  remediation: |
    Apply the latest security patches or updates provided by IBM to mitigate the vulnerability.
  reference:
    - https://www.ibm.com/support/pages/security-bulletin-ibm-maximo-asset-management-vulnerable-information-disclosure-cve-2020-4463
    - https://github.com/Ibonok/CVE-2020-4463
    - https://exchange.xforce.ibmcloud.com/vulnerabilities/181484
    - https://www.ibm.com/support/pages/node/6253953
    - https://nvd.nist.gov/vuln/detail/CVE-2020-4463
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
    cvss-score: 8.2
    cve-id: CVE-2020-4463
    cwe-id: CWE-611
    epss-score: 0.76538
    epss-percentile: 0.97916
    cpe: cpe:2.3:a:ibm:maximo_asset_management:7.6.0.1:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: ibm
    product: maximo_asset_management
    shodan-query: http.favicon.hash:-399298961
    fofa-query: icon_hash=-399298961
  tags: cve,cve2020,ibm,xxe,disclosure

http:
  - method: POST
    path:
      - "{{BaseURL}}/os/mxperson"
      - "{{BaseURL}}/meaweb/os/mxperson"

    body: |
      <?xml version='1.0' encoding='UTF-8'?>
      <max:QueryMXPERSON xmlns:max='http://www.ibm.com/maximo'>
      <max:MXPERSONQuery></max:MXPERSONQuery>
      </max:QueryMXPERSON>

    headers:
      Content-Type: "application/xml"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "QueryMXPERSONResponse"
          - "MXPERSONSet"

      - type: word
        part: header
        words:
          - "application/xml"
# digest: 490a0046304402207076d2b0c379c15109ad109ecc0357ab0c3883551ce2b3be86091c16b4d92f1202206d63e8c80195088ce209cb3a940feef5847bb6e93dcd8fda5b1ad754d19d8a13:922c64590222798bb761d5b6d8e72950

This template detects the issue by sending a benign QueryMXPERSON request to the mxperson object structure endpoint and checking whether the host answers with an XML QueryMXPERSONResponse; it does not itself submit any external entity. Run it with the Nuclei tool to scan hosts for this request/response pattern.

$ nuclei -u "URL" -t "http/cves/2020/CVE-2020-4463.yaml"
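As an added worked example (not part of the template or the Nuclei project), the following Python evaluates the template's two matchers offline against constructed responses, which is useful when validating a scan result or writing your own triage logic. It assumes nuclei's documented word-matcher semantics (a word matcher passes when any of its words appears unless its condition is `and`; `matchers-condition: and` requires every matcher to pass) and checks no status code, because the template defines none.

```python
# Mirrors nuclei word-matcher semantics (assumption: behaviour as documented for
# nuclei word matchers): a matcher passes when ANY of its words appears unless
# condition is "and"; `matchers-condition: and` requires every matcher to pass.
from dataclasses import dataclass

@dataclass
class Matcher:
    part: str             # "body" or "header", as in the template
    words: list
    condition: str = "or" # nuclei default for a word matcher

@dataclass
class Response:
    status: int           # not checked: the template has no status matcher
    headers: dict
    body: str

# The two matchers from the template, joined by matchers-condition: and
MATCHERS = [
    Matcher("body", ["QueryMXPERSONResponse", "MXPERSONSet"]),
    Matcher("header", ["application/xml"]),
]

def matcher_passes(m: Matcher, r: Response) -> bool:
    if m.part == "body":
        haystack = r.body
    else:
        # part: header is matched against the raw header block, so flatten it
        haystack = "\n".join(f"{k}: {v}" for k, v in r.headers.items())
    hits = [w in haystack for w in m.words]
    return all(hits) if m.condition == "and" else any(hits)

def template_matches(r: Response) -> bool:
    """True when every matcher passes (matchers-condition: and)."""
    return all(matcher_passes(m, r) for m in MATCHERS)

# Constructed sample responses, not captured from any real host
EXPOSED = Response(200, {"Content-Type": "application/xml"},
    "<max:QueryMXPERSONResponse xmlns:max='http://www.ibm.com/maximo'>"
    "<max:MXPERSONSet/></max:QueryMXPERSONResponse>")
NOT_FOUND = Response(404, {"Content-Type": "text/html"}, "<html>Not Found</html>")
XML_ERROR = Response(500, {"Content-Type": "application/xml"}, "<error>bad request</error>")
WRONG_TYPE = Response(200, {"Content-Type": "text/html"}, "<max:MXPERSONSet/>")

if __name__ == "__main__":
    for name in ("EXPOSED", "NOT_FOUND", "XML_ERROR", "WRONG_TYPE"):
        print(f"{name}: {template_matches(globals()[name])}")
```

Only EXPOSED satisfies both matchers; XML_ERROR shows that an XML content type alone is not enough, and WRONG_TYPE shows that the body words alone are not enough.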
